---
apiVersion: v1
kind: Service
metadata:
  name: grafana
  namespace: monitoring
spec:
  type: ClusterIP
  ports:
    - name: service
      port: 80
      protocol: TCP
      targetPort: 3000
  selector:
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: grafana
  namespace: monitoring
  annotations:
    certmanager.k8s.io/cluster-issuer: monitoring-issuer
spec:
  ingressClassName: system-ingress
  tls:
    - hosts:
        - "grafana.kryukov.local"
      secretName: grafana-tls
  rules:
    - host: "grafana.kryukov.local"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: grafana
                port:
                  number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
  namespace: monitoring
  labels:
    app.kubernetes.io/name: grafana
    app.kubernetes.io/instance: grafana
  annotations:
    reloader.stakater.com/auto: "true"
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: grafana
      app.kubernetes.io/instance: grafana
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: grafana
        app.kubernetes.io/instance: grafana
    spec:
      serviceAccountName: grafana
      automountServiceAccountToken: true
      securityContext:
        fsGroup: 472
        runAsGroup: 472
        runAsUser: 472
      initContainers:
        - name: init-chown-data
          image: "busybox:1.35.0"
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
          command:
          - sh
          - -c
          - |
            mkdir -p /tmp2/grafana/dashboards/default 
            chown -R 472:472 /tmp2/grafana 
            cd /tmp2/grafana/dashboards/default
            
            for FILE in /tmp/*.b64
            do
              echo "Convert from $FILE to ${FILE%.b64}" 
              base64 -d < $FILE > ${FILE%.b64}
            done
            
            for FILE in /tmp/*.gz
            do
              echo "gunzip $FILE"
              gunzip $FILE
            done
            
            for FILE in /tmp/*.json
            do
              mv $FILE .
            done
            echo "============="
            ls -l .

          volumeMounts:
          - name: storage
            mountPath: "/tmp2/grafana"
          - name: dashboard-daemonset
            mountPath: "/tmp/daemonset.json.gz.b64"
            subPath: "daemonset.json.gz.b64"
          - name: dashboard-deployment
            mountPath: "/tmp/deployment.json.gz.b64"
            subPath: "deployment.json.gz.b64"
          - name: dashboard-sts
            mountPath: "/tmp/sts.json.gz.b64"
            subPath: "sts.json.gz.b64"
          - name: dashboard-k8s
            mountPath: "/tmp/k8s.json.gz.b64"
            subPath: "k8s.json.gz.b64"
          - name: dashboard-main
            mountPath: "/tmp/main.json.gz.b64"
            subPath: "main.json.gz.b64"
          - name: dashboard-node-exporter
            mountPath: "/tmp/node-exporter.json.gz.b64"
            subPath: "node-exporter.json.gz.b64"
          - name: dashboard-nodes
            mountPath: "/tmp/nodes.json.gz.b64"
            subPath: "nodes.json.gz.b64"
          - name: dashboard-pod
            mountPath: "/tmp/pod.json.gz.b64"
            subPath: "pod.json.gz.b64"
          - name: dashboard-pods
            mountPath: "/tmp/pods.json.gz.b64"
            subPath: "pods.json.gz.b64"
          - name: dashboard-victoria
            mountPath: "/tmp/victoria.json.gz.b64"
            subPath: "victoria.json.gz.b64"
          - name: dashboard-ingress-nginx
            mountPath: "/tmp/ingress-nginx.json.gz.b64"
            subPath: "ingress-nginx.json.gz.b64"
      enableServiceLinks: true
      containers:
        - name: grafana
          image: "grafana/grafana:8.3.4"
          imagePullPolicy: IfNotPresent
          ports:
            - name: service
              containerPort: 80
              protocol: TCP
            - name: grafana
              containerPort: 3000
              protocol: TCP
          env:
            - name: GF_SECURITY_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: admin-user
            - name: GF_SECURITY_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: grafana
                  key: admin-password
            - name: GF_PATHS_DATA
              value: /var/lib/grafana/
            - name: GF_PATHS_LOGS
              value: /var/log/grafana
            - name: GF_PATHS_PLUGINS
              value: /var/lib/grafana/plugins
            - name: GF_PATHS_PROVISIONING
              value: /etc/grafana/provisioning
          livenessProbe:
            failureThreshold: 10
            httpGet:
              path: /api/health
              port: 3000
            initialDelaySeconds: 60
            timeoutSeconds: 30
          readinessProbe:
            httpGet:
              path: /api/health
              port: 3000
          resources:
            limits:
              cpu: 500m
              memory: 1024Mi
            requests:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
          - name: config
            mountPath: "/etc/grafana/grafana.ini"
            subPath: grafana.ini
          - name: config
            mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
            subPath: "dashboardproviders.yaml"
          - name: config
            mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
            subPath: "datasources.yaml"
          - name: storage
            mountPath: "/var/lib/grafana"
      volumes:
        - name: config
          configMap:
            name: grafana
        - name: storage
          persistentVolumeClaim:
            claimName: grafana
        - name: dashboard-daemonset
          configMap:
            name: daemonset
        - name: dashboard-deployment
          configMap:
            name: deployment
        - name: dashboard-sts
          configMap:
            name: sts
        - name: dashboard-k8s
          configMap:
            name: k8s
        - name: dashboard-main
          configMap:
            name: main
        - name: dashboard-node-exporter
          configMap:
            name: node-exporter
        - name: dashboard-nodes
          configMap:
            name: nodes
        - name: dashboard-pod
          configMap:
            name: pod
        - name: dashboard-pods
          configMap:
            name: pods
        - name: dashboard-victoria
          configMap:
            name: victoria
        - name: dashboard-ingress-nginx
          configMap:
            name: ingress-nginx